This is draft notes for migrating a Tessera network. To be made more general and merged into howto-2-network-1.0-migration.md.
- Network 2.0 uses 3 pairs of subnets instead of 1 pair in Network 1.0.
- Network 2.0 requires specific values for variant options that are configurable in Network 1.0:
lambdas_in_vpc=trueapi_gateway_in_vpc=trueifelb_scheme=internalecs_public_ip=falseelastic_search_config.vpc=true
- Their variant has
existing_vpc=true - Their variant has all required variant options values for Network 2.0 except
api_gateway_in_vpc=truewhich is required since they useelb_scheme=internal - Migration adds these CloudFormation parameters:
- IntraSubnets
- UserSecurityGroup
- UserSubnets
- ApiGatewayVPCEndpoint
Before beginning the migration, create backups of your database and Elasticsearch cluster to ensure data safety during the transition process.
Create a new variant with api_gateway_in_vpc=true to enable API Gateway within the VPC.
They'll need to create a VPC endpoint for API Gateway and pass it to ApiGatewayVPCEndpoint parameter
- create SG for ELB (UserSecurityGroup)
- current Subnets parameter becomes UserSubnets?
- create subnets for new Subnets and IntraSubnets
- their setup should be aligned with diagram
- if VPC CIDR is fully allocated to subnets, they may need to add secondary CIDR to VPC to create new subnets
- it's impossible to change subnets of DBSubnetGroup if they are in use
- CloudFormation only can change DBSubnetGroup by replacing the DB instance, but it can be done manually
- a new DBSubnetGroup can't be in the same VPC
- moving to new DBSubnetGroup requires multi-AZ to be turned off temporarily
- create temporary VPC with 2 subnets in different AZs, restrictive security group and new DBSubnetGroup
- turn off multi-AZ on DB instance
- modify DB instance to use new DBSubnetGroup in temporary VPC
- set IntraSubnets on old DBSubnetGroup
- modify DB instance to use old DBSubnetGroup
- turn on multi-AZ on DB instance
- delete temporary VPC and DBSubnetGroup